Home / malware Win32.Parite.A/B/C
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Parite.A/B/C is also known as Win32/Parite.
Explanation :
The virus is a file infector that is composed of two parts: a small stub written in Assembler, appended to the files infected that decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that it’s dropped in the WindowsTEMP directory (or whatever location temporary files have on your system).
The virus infects PE files, and searches for files with *.exe and *.scr extensions, on local drives, network drives and network shares on local network. Because the virus appends to every infected file the main body, which is ~180K in size, there should be a visible decrease in free space on your volumes. The virus doesn’t show it’s presence in any way, and does not use email for spreading.
Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file’s entry point. Infected files have the last section’s name consisting of 3 randomly chosed letters followed by a non-printable character.
If in your exe files the last section name is .jbd or .xgt or something like that, then it’s probably a file infected with Parite.
The virus does not damage the file it infects.Last update 21 November 2011
